Firefox might get a Super Private Browsing mode in the future
Mozilla published the organization's Research Grants for the first half of 2019 yesterday. The 2019H1 funding series seeks answers to 12 research questions in the categories "Growing the Web", "New Interaction Modes", and "Privacy & Security".
The Privacy & Security group seeks answers and new solutions in two areas: Data, and Privacy & Security in Firefox.
In the latter, Mozilla states that it has an "interest in potentially integrating more of Tor into Firefox" and that this could lead to a "Super Private Browsing (SPB) mode" for Firefox users.
Tor Browser, a web browser based on Firefox ESR code that integrates Tor connectivity, is already available. Mozilla started to implement certain Tor features in Firefox as part of the Tor Uplift project.
Designed to make life easier for developers of Tor and to integrate privacy features in Firefox, Tor Uplift introduced new features in Firefox including a new fingerprinting resisting option.
The Mozilla Research Grant question goes beyond the Tor Uplift program as it suggests that Tor could be integrated in the Firefox web browser to power the browser's Super Private Browsing mode.
The following questions are asked:
- What alternative protocol architectures and route selection protocols would offer acceptable gains in Tor performance? And would they preserve Tor properties?
- Is it truly possible to deploy Tor at scale? And what would the full integration of Tor and Firefox look like?
Firefox has hundreds of millions of users; if only a fraction of those would start using an integrated version of Tor in Firefox, it would have to be ensured that the user experience would be acceptable or better.
Scaling is one issue, and Mozilla would like to know if new protocols would improve Tor performance to address the potential bottleneck. Ultimately, it would come down to finding efficient options to run Tor at a very large scale without compromising anonymity or privacy.
Tor integration in Firefox could potentially lead to the retiring of Tor Browser. The Tor development team could continue to work on Tor, this time directly integrated in Firefox. The solution would offer several advantages but also potential issues.
Tor Browser is based on Firefox ESR. Integrating Tor in Firefox (Stable), would lead to faster development cycles and more issues the team would have to address. Firefox ESR does not get all the new features that Mozilla implements in Firefox directly.
Now You: Tor integration in Firefox: good or bad idea?
Amen. First they need (at least a couple of years) to finish RFP (and tie it to various modes). THEN they can slide Fusion into it (not that Fusion can’t be worked on at the same time) – but Tor without uptodate FP protection is a moot point (IMO). I can actually see a normal mode, a PB mode, and a TB mode: it’s really just another OA (origin attribute) to apply (but a lot of mechanisms still lack an OA, but it shouldn’t be too hard (its very complex though, don’t get me wrong) to build on an **additional** layer to FPI)
Time for nudie beers :) NUDIE BEERS are BEST BEERS
Well, could you please say this in words a common mortal like me can understand? RFP, FP, PB, TB, FPI (Oh, and thx for explaining OA!) … ðŸ¿
Haha. My thought exactly. Pants always has something intelligent and helpful to say. Trouble is, I often don’t know what it is.
I believe this is what Pants’s acronyms mean:
RFP = Resist FingerPrinting
FP = FingerPrinting
PB = Private Browser
TB = Tor Browser
FPI = First Party Isolation
You forgot to cover THEN and NUDIE.
This is like bringing a Trabant to the highway – doable, but not recommended. It might.. no – It will break and leave you exposed in the middle of the road with nothing better to do than calling a tow truck/recovery company. Maybe get fined as well for driving a museum too.
This is exactly what firefox did a few days ago.
Yeah, no, Chromium on Tor works just fine, tyvm.
Do you even know what you’re talking about? That’s a rhetorical question, BTW. Don’t bother spouting off. [Editor: please no attacks]
Ghacks-user.js (which you maintain) recommends to change settings to the detriment of website rendering, i.e. websites do break when people head your advice in some cases. Goes to show how well tought out it really is.
May I add that I find Ghacks-user.js to be pretty pointless these days, seeing where Mozilla is heading? Currently, they are planning to enable hyperlink auditing by default, removing the about:config setting that could be used to turn it off. So what good is your little script? You come across as a captain seeing that the Titanic is about to ram the iceberg, stating: “It’s not a problem. Don’t worry, I’ll fix it.”
Needless to say, I find your approach pointless, as it stands. If you really want to fix Firefox, fork it. Might be harder than creating some obscure script trying to fix the unfixable.
I really agree with you.
I wish there was some way to gather stats on how many people get cancer from reading comment sections online… (I’m a curious person)
> Yeah, no, Chromium on Tor works just fine, tyvm.
This is not possible, sorry. Chromium would have to be turned upside down first.
If you want Tor Browser level of protection. Which you very much do unless all you expect from Tor is another IP than your own, in which cases there are more predictable solutions.
Failzilla doesn’t know what to do anymore with their numbers declining. I guess they haven’t heard of TOR Browser yet.
And if anyone tried Brave they would stop using FF for good. The speed difference is incredible.
P.S. Thanks for increasing the amount of text below privacy checkbox. Maybe you should put your moto in there also, together with your grandma’s recipes for cookies.
lmao cranky are we
> I guess they havenâ€™t heard of TOR Browser yet.
I wonder what Tor Browser is based on…
It seems to me that privacy today is an understanding that no or few personal data can get into the hands of others in an uncontrollable way… but corporations almost always use a framework of and by the states to act in such a way as to maximise profits.
Unfortunately this includes grabbing as much data as possible and trying more or less successful to find out who is behind the screen. This is made possible with a very liberalised framework favoring the economic laws of capital and profits in all aspects of our lives incl. our activities at the computer and similar technologies..
At the End what does Mozilla really mean by privacy especially for all the non technology advanced users… most of them are, those who do not know a thing about security and the bad people hiding behind sinister profit making…
I am all for Super Private Mode. Bring it on!
People will use Firefox’s new privacy settings until the feds tell Mozilla to shutoff the extension certificates so they can have a window to scrape information to hack and track down certain of parties of interest on the web. It’s like a big privacy shutoff switch built into Firefox.
I don’t like the idea of â€‹â€‹a new super private navigation mode.
The underlying concept is this: we want to give all the information about you by default, but we sometimes allow you – if you set everything up very well and remember nothing – to be a little more than a cash machine : a free and responsible (wo)man.
Why a non-private mode vs a private mode, a very private mode, a very very private mode, etc.?
The main reason I chose Firefox many years ago was privacy and I think for years that there must be only two modes: the very high private mode and the “Tor” mode.
Other modes are useless in a “customer-centric view”.
(But Firefox has lost little by little over the last twenty years this vision of the primacy of the user in favor of companies that monetize us and pay Firefox for that (Hello google!).)
@Eric: “Why a non-private mode vs a private mode, a very private mode, a very very private mode, etc.?”
Because Mozilla believes that the only way to increase adoption of Firefox is to appeal to the least common denominator user.
The sad fact is that the more privacy controls a browser puts in place (whether natively or through extensions), the more websites will fail to work properly. This is an aspect of a basic truth about security (of all sorts, not just online): the more secure you make something, the less convenient it is.
For people (like myself) who highly value privacy and security, this is an acceptable price to pay. But we do not represent the mass market. I think Mozilla is trying to thread a needle here by trying to be what they perceive as acceptable to the common Joe while at the same time providing ways to lock things down more tightly for the security conscious. Thus, you end up with various “privacy modes”.
For the record, this is speculation on my part.
Depends on what you’re trying to achieve. I don’t want to be tracked since it wrecks browsing but I realize the more stuff I block, the closer to unique my browser becomes but that doesn’t matter too much because I’m not doing shady stuff.
If you really need to hide, playing with a browser and VPN will help but not totally.
For example, open panopticlick in Tor. You’ll be said to be well hidden. Well hidden among the Tor users, which ain’t a lot.
I don’t know anything about these technichal arguments but in addition to privacy and anonymity I’m more worried about democracy. For privacy and fingerprinting we have plenty of good add-ons for all tastes (canvas blocker, Temporary Containers, Privacy Possum, uBlock, …) and anonymous surfing with TOR or VPN could be useful in certain situations like censorship or against personal profiling, but… we are at the same time individual and crowd and we are not so unique as we thought but predictable.
This new solution may put a spoke in the wheels but does it really solve the problem? For marketing or political (you don’t need 100% of votes) purposes mass profiling is enough and you can fight it only with good habits:
– an anonymous user who makes a search with Google
– a non-anonymous user who makes a search with DuckDuckGo
Obviously is better an anonymous user with DuckDuckGo, but I hope I hit on the key to the whole thing. This is also an educational and political challenge and I tear my hair out thinking about people’s awareness.
They can do this, but they need to leave the “standard private mode” in the browser. I use it 24/7. I am concerned about privacy enough that I don’t want cookies and cache lingering around, but I am not prepared to pay the performance penalty of using anonymizing proxies 24/7, which means downgrading to dial-up in the process.
Well fine, I guess, seems like they’re just going on about privacy while imploring Tor. You can’t really put more of Tor into FF since Tor isn’t a browser. The FF Tor browser is based on ESR 60 right now and is a very stripped FF with some privacy additions and auto connect to Tor network.
Privacy is splendifluous* but make some sense please.
People don’t understand VPN’s because of glibness on the subject; Tor is even more inscrutable and lends itself even less to prosaic license.
*that’s not a word.
This could be Firefox’s niche to make a all in one maximum privacy and security browser.
Brave has a Private mode with Tor https://www.ghacks.net/2018/06/29/brave-browser-gets-private-tab-with-tor-option/, will this be the same thing?
“Integrating TOR into Firefox” is an oxymoron if ever I heard one.
I prefer caution when dealing with software, especially browsers. Firefox ESR is exactly that. New features come to it only after they’ve been improved enough through the stable version, which has had problems numerous times with new features.
So no. I don’t think it would be a good thing to integrate Firefox stable in Tor, nor do I think that Tor should be phased out and integrated in Firefox stable. Both should remain as they are, separate.
They each have their own purpose and shouldn’t be mixed up together.
Safety over trendy. Best way to avoid unforeseen problems which happens too often with software that hasn’t been sufficiently ironed out of its problems.
Would be better letting the Tor team develop a browsing mode which disables the Tor network but let one use the TBB as an ordinary browser for those who are privacy concerned, at least I see some times people asking how to run the TBB without the Tor network.